Bug #76744 password has expired
Submitted: 18 Apr 2015 13:15
Modified: 21 Apr 2015 15:08
Reporter: g c
Status: Not a Bug
Category: MySQL Server: Security: Privileges
Severity: S3 (Non-critical)
Version: 5.7.4-m14
OS: Linux
Assigned to:
CPU Architecture: Any

[18 Apr 2015 13:15] g c
Description:
#mysql -h xxx -u xxx -p xxx
Enter password:
ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.

even though password_expired=N

How to repeat:
#mysql -h xxx -u xxx -p xxx
Enter password:
ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.

#mysql -h xxx -u root -p mysql
mysql> select password_expired from user where user='xxx';
+------------------+
| password_expired |
+------------------+
| N                |
+------------------+
1 row in set (0.00 sec)
mysql> select password_last_changed from user where user='xxx';
+-----------------------+
| password_last_changed |
+-----------------------+
| 2014-04-23 15:49:43   |
+-----------------------+
mysql> update user set password=password('xxx') where user='xxx';
mysql> flush privileges;
mysql> select password_last_changed from user where user='xxx';
+-----------------------+
| password_last_changed |
+-----------------------+
| 2014-04-23 15:49:43   |
+-----------------------+

#mysql -h xxx -u xxx -p xxx
Enter password:
ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.

#mysql -h xxx -u root -p mysql
mysql> update user set password_last_changed='2015-04-18 15:49:43' where user='xxx';
mysql> flush privileges;

Only now can user xxx log in.
[21 Apr 2015 14:26] MySQL Verification Team
Hi,

Thank you for your report, but this is not a bug.

There are many new features in MySQL 5.7, one of which is password expiration. The MySQL 5.7 client program, the mysql CLI, is equipped to deal with this situation, but by default this is turned off. So you have to turn it on with a special argument.

This is all very nicely explained in our 5.7 manual:

http://dev.mysql.com/doc/refman/5.7/en/mysql-command-options.html#option_mysql_connect-exp...
[21 Apr 2015 14:43] g c
The doc says:
--connect-expired-password

Indicate to the server that the client can handle sandbox mode if the account used to connect has an expired password.

But here password_expired was N. I also read http://dev.mysql.com/doc/refman/5.7/en/password-expiration-sandbox-mode.html
and nowhere does it say that password expiration is related to password_last_changed.
[21 Apr 2015 14:59] MySQL Verification Team
It is not all in one chapter. This feature is explained in several chapters. I recommend that you read the entire 5.7 manual. One of the related chapters is:

http://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html
[21 Apr 2015 15:08] g c
OK, thank you. This explains this.
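
The mismatch discussed in this thread (password_expired = N, yet ERROR 1862 at login) can be audited with one query. This is an added example, not part of the original report or of MySQL's own code. It assumes MySQL 5.7.4 or later, where mysql.user has the password_last_changed and password_lifetime columns and the server has the default_password_lifetime system variable; the output column names (lifetime_days, login_state, days_left) are made up for the example.

```sql
-- Added example (not from the bug report). Assumes MySQL 5.7.4 or later,
-- where mysql.user has password_last_changed and password_lifetime and the
-- server has the default_password_lifetime system variable.

-- Global policy in days; 0 means passwords never expire by age.
SELECT @@global.default_password_lifetime AS default_lifetime_days;

-- Per-account view: the manual flag and the age-based policy side by side.
SELECT
    a.user,
    a.host,
    a.password_expired,          -- 'Y' only when the password was expired explicitly
    a.password_last_changed,
    a.lifetime_days,
    CASE
        WHEN a.password_expired = 'Y'        THEN 'expired: flag set'
        WHEN a.lifetime_days = 0             THEN 'ok: no age limit'
        WHEN a.password_last_changed IS NULL THEN 'unknown: no change time'
        WHEN a.password_last_changed + INTERVAL a.lifetime_days DAY < NOW()
                                             THEN 'expired: older than lifetime'
        ELSE 'ok'
    END AS login_state,
    CASE
        WHEN a.lifetime_days > 0
        THEN DATEDIFF(a.password_last_changed + INTERVAL a.lifetime_days DAY, NOW())
    END AS days_left             -- negative once the lifetime has passed
FROM (
    SELECT user, host, password_expired, password_last_changed,
           -- NULL password_lifetime means "use the global default"
           COALESCE(password_lifetime, @@global.default_password_lifetime)
               AS lifetime_days
    FROM mysql.user
) AS a
ORDER BY days_left;
```

When a nonzero lifetime applies, a row like the reporter's, with password_expired = N and an old password_last_changed, comes back as 'expired: older than lifetime'. As the session in the report shows, a direct UPDATE of mysql.user leaves password_last_changed untouched; password changes made through SET PASSWORD or ALTER USER update it.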